Impact

Unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins.

Patches

All versions after commit f3dc89b(3/10/20) are patched.

References

f3dc89b

For more information

If you have any questions or comments about this advisory:

• Open an issue in https://github.com/ractf/core
• Email us at [email protected]